A Bayesian Rule Learning Based Intrusion Detection System for the MQTT Communication Protocol

Authors: Qi Liu, H. Keller, V. Hagenmeyer
DOI: 10.1145/3465481.3470046 (https://doi.org/10.1145/3465481.3470046)
Published in: Proceedings of the 16th International Conference on Availability, Reliability and Security
Publication date: 2021-08-16
Citation count: 5 (Semantic Scholar)

Abstract
Rule learning based intrusion detection systems (IDS) regularly collect and process network traffic, and then apply rule learning algorithms to the data to identify network communication behaviors represented as IF-THEN rules. Detection rules are inferred offline and can be periodically and automatically updated online for intrusion detection. In this context, we implement in the present paper various attacks against MQTT in a carefully designed and very realistic experiment environment, instead of a simulation program as commonly seen in previous works, for data generation. In addition, we investigate a Bayesian rule learning based approach as a countermeasure, which is able to detect various attack types. A Bayesian network is learned from training data and subsequently translated into a rule set for intrusion detection. The combination of prior knowledge (about the communication protocol and target system) and data helps to efficiently learn the Bayesian network. The translation from the Bayesian network to a set of inherently interpretable rules can be regarded as a transformation from implicit knowledge to explicit knowledge. We show that our proposed method can achieve not only good detection performance but also high interpretability.